authorClaudio Jeker <claudio@cvs.openbsd.org>2022-01-26 14:42:40 +0000
committerClaudio Jeker <claudio@cvs.openbsd.org>2022-01-26 14:42:40 +0000
commit59284d464f3d0e7a004b4228b7cd01c4b41d0c45 (patch)
tree42a3f861db9f2121fa3480ee29ae86bcb5891227 /usr.sbin/rpki-client
parent2f870c4905cb4fa4cc4eb8b75b06101dbd3e027c (diff)
Allow rsync:// URI as file in -f mode. This makes it easier to explore
rpki repositories by following AIA and manifest URIs. Also stop checking that the loaded file is not part of the auth tree, it is possible that this file was loaded before as a dependency. OK tb@
Diffstat (limited to 'usr.sbin/rpki-client')
-rw-r--r--usr.sbin/rpki-client/main.c14
-rw-r--r--usr.sbin/rpki-client/parser.c20
-rw-r--r--usr.sbin/rpki-client/rpki-client.87
3 files changed, 26 insertions, 15 deletions
diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c
index 7259662da27..90cb3abeef0 100644
--- a/usr.sbin/rpki-client/main.c
+++ b/usr.sbin/rpki-client/main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: main.c,v 1.185 2022/01/24 17:29:37 claudio Exp $ */
+/* $OpenBSD: main.c,v 1.186 2022/01/26 14:42:39 claudio Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -387,13 +387,15 @@ queue_add_from_mft_set(const struct mft *mft, const char *name, struct repo *rp)
static void
queue_add_file(const char *file, enum rtype type, int talid)
{
- unsigned char *buf;
+ unsigned char *buf = NULL;
char *nfile;
- size_t len;
+ size_t len = 0;
- buf = load_file(file, &len);
- if (buf == NULL)
- err(1, "%s", file);
+ if (!filemode || strncmp(file, "rsync://", strlen("rsync://")) != 0) {
+ buf = load_file(file, &len);
+ if (buf == NULL)
+ err(1, "%s", file);
+ }
if ((nfile = strdup(file)) == NULL)
err(1, NULL);
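Review bot: The new branch in queue_add_file() queues an entity with `buf == NULL` and `len == 0` for rsync:// arguments, but nothing at that spot says the parser is expected to load the data itself. A comment above the condition would make the contract explicit, for example `/* rsync:// URIs are resolved against the cache by the parser, so nothing is loaded here */`. The prefix test `strncmp(file, "rsync://", strlen("rsync://"))` is also written out a second time in proc_parser_file() in parser.c; a shared helper or macro would keep the two checks from drifting apart. The function body continues outside the hunk, so how a NULL buffer is handled when the entity is queued cannot be seen here.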
diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c
index 25d71bad862..fe3ffa275cf 100644
--- a/usr.sbin/rpki-client/parser.c
+++ b/usr.sbin/rpki-client/parser.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: parser.c,v 1.55 2022/01/26 13:57:56 claudio Exp $ */
+/* $OpenBSD: parser.c,v 1.56 2022/01/26 14:42:39 claudio Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -901,11 +901,21 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
struct gbr *gbr = NULL;
struct tal *tal = NULL;
enum rtype type;
- char *aia = NULL, *aki = NULL, *ski = NULL;
+ char *aia = NULL, *aki = NULL;
unsigned long verify_flags = X509_V_FLAG_CRL_CHECK;
if (num++ > 0)
printf("--\n");
+
+ if (strncmp(file, "rsync://", strlen("rsync://")) == 0) {
+ file += strlen("rsync://");
+ buf = load_file(file, &len);
+ if (buf == NULL) {
+ warn("parse file %s", file);
+ return;
+ }
+ }
+
printf("File: %s\n", file);
type = rtype_from_file_extension(file);
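Review bot: After `file += strlen("rsync://")` the remainder goes straight to `load_file()` with no check that it names a path inside the cache. A remainder that is empty, starts with `/`, or contains `..` components would be opened outside `cachedir`, although the manual now says the file comes from the cache. The commit message presents these URIs as copied from AIA and manifest fields of fetched objects, so treating them as untrusted is reasonable even in -f mode; whether the parser process is otherwise confined is not visible here. A guard before the load would enforce this, e.g. `if (*file == '\0' || *file == '/' || strncmp(file, "../", 3) == 0 || strstr(file, "/../") != NULL) { warnx("bad rsync URI path: %s", file); return; }`, extended to a trailing `/..` if needed. proc_parser_file() continues outside the hunk, so it cannot be seen whether the buffer assigned to the by-value parameter `buf` is freed.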
@@ -918,7 +928,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
cert_print(cert);
aia = cert->aia;
aki = cert->aki;
- ski = cert->ski;
x509 = cert->x509;
if (X509_up_ref(x509) == 0)
errx(1, "%s: X509_up_ref failed", __func__);
@@ -930,7 +939,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
mft_print(mft);
aia = mft->aia;
aki = mft->aki;
- ski = mft->ski;
verify_flags = 0;
break;
case RTYPE_ROA:
@@ -940,7 +948,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
roa_print(roa);
aia = roa->aia;
aki = roa->aki;
- ski = roa->ski;
break;
case RTYPE_GBR:
gbr = gbr_parse(&x509, file, buf, len);
@@ -949,7 +956,6 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
gbr_print(gbr);
aia = gbr->aia;
aki = gbr->aki;
- ski = gbr->ski;
break;
case RTYPE_TAL:
tal = tal_parse(file, buf, len);
@@ -972,7 +978,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
parse_load_crl(c);
free(c);
parse_load_certchain(aia);
- a = valid_ski_aki(file, &auths, ski, aki);
+ a = auth_find(&auths, aki);
crl = get_crl(a);
if (valid_x509(file, x509, a, crl, verify_flags))
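Review bot: The result of `auth_find(&auths, aki)` is passed to `get_crl(a)` and `valid_x509()` without a NULL check, and `aki` can still hold its initial NULL for object types that never assign it. Whether `auth_find()` and the two callees tolerate a NULL argument is not visible in this hunk, and any diagnostic the removed `valid_ski_aki()` may have printed for an unknown issuer is gone. An explicit check would keep the failure visible to the operator, for example `if (a == NULL) warnx("%s: no issuer found for AKI", file);` before `get_crl(a)`. The enclosing block starts and ends outside the hunk, so this path may already be guarded further up.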
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index d8363686d10..88cb5fe9b43 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: rpki-client.8,v 1.55 2022/01/24 06:54:15 jmc Exp $
+.\" $OpenBSD: rpki-client.8,v 1.56 2022/01/26 14:42:39 claudio Exp $
.\"
.\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: January 24 2022 $
+.Dd $Mdocdate: January 26 2022 $
.Dt RPKI-CLIENT 8
.Os
.Sh NAME
@@ -106,6 +106,9 @@ in
against the RPKI cache stored in
.Ar cachedir
and print human-readable information about the object.
+If
+.Ar file
+is an rsync:// URI the corresponding file from the cache will be used.
This option implies
.Fl n .
.It Fl j